Hi all,
I just successfully installed Debian 8 on a Net6501. Basically, I’d like to use
this device as a transparent network gateway between my computers / network
appliances and the router. The reason I’d like to do this is to use an IDS
system such as Snort for security purposes and to monitor certain aspects of my
personal web traffic.
To accomplish this, I’ve now configured a network bridge named br0 and added
all of the Ethernet interfaces as members. This seems to work pretty well as
far as I can tell; I have eth0 hooked up to the router and my other machines
connected to the 3 remaining ports. Of course, this means that the Net6501 is
pretty much transparent now and does not, for example, show up as a gateway
when running a traceroute command to an external host.
I generally like this a lot and think it’s quite sensible to pass things like
DHCP and NAT on to the router, rather than installing a separate DHCP server on
the Net6501 and using iptables to NAT between the Soekris box and the router’s
subnet. Since I’m doing this for the very first time, however, I’m wondering
whether I’m on the right path, or if such a setup would impose certain
limitations that I might not be aware of.
For example, can I use a tool like Snort on the Net6501 and analyze all the
traffic passing through the Net6501, or could I be facing any issues when doing
this on a bridged network?
Also, I’m guessing that with this approach, any routing / firewalling of
traffic (e.g. by using iptables) is out of the question, right? For example, I
would think that it’s probably not possible to use iptables to block traffic
originating from certain IP addresses, or to route certain traffic through a
configured VPN tunnel, etc…
If any of you guys have more experience with network bridges, I’d be very happy
if you could answer my questions and / or share your observations with me. Like
I said, I’m doing this for the first time, so there may well be things that I
haven’t even thought of yet! :-)
Thanks a lot!
Robin